PenTest+ exam objectives
To achieve CompTIA PenTest+ cybersecurity certification, you must pass the current version of the PenTest+ exam, last updated in October 2021. The exam covers the five objectives, or domains, listed below:
Learn more about the PenTest+ domains.
Why should I get the PenTest+?
Pentesters are sometimes referred to as ethical hackers. They continuously probe organizations’ security defenses to identify and close any vulnerabilities before cybercriminals can exploit them. As CompTIA director of products Patrick Lane describes, “pentesters are the attackers whereas CompTIA CySA+ holders are the defenders.”
If you’re interested in using hacking to build a stronger security posture, the PenTest+ is for you. And the CompTIA PenTest+ offers the broadest range of vulnerability management topics available. With 3-4 years of recommended cybersecurity experience and a PenTest+ designation, your penetration testing skills will be well-validated — and in high demand.
What is the current PenTest+ version?
PT0-001 vs PT0-002
The PenTest+ exam was updated in October 2021, and the previous exam (PT0-001) was officially retired in April 2022. Overall, the new exam PT0-002 reflects more of today’s expanded techniques for pentesting web applications and cloud and hybrid environments.
The new exam places a greater emphasis on hands-on skills. The previous exam objectives were based on knowledge, with hands-on skills added to them. Now it’s the other way around, says Lane. And for good reason. “It’s like in sports. You’re not going to become a great left wing in soccer if you’re not practicing all the time.”
For more information, watch the full webinar with CompTIA’s Patrick Lane, PT0-001 vs PT0-002: How the PenTest+ exam is changing.
PenTest+ exam FAQs
The PenTest+ certification exam was last updated in October 2021. It is an intermediate-skills level certification that tests your knowledge of penetration testing, vulnerability scanning and other techniques used for probing an expanding threat landscape. Here’s what you should know about the current exam:
What is the PenTest+ exam outline and structure?
The PenTest+ exam has a maximum of 85 questions and test-takers have 165 minutes to complete the exam. The passing score is 750 (on a scale of 100-900).
The exam includes two types of questions: performance-based questions, which involve performing a task or solving a problem, and multiple choice. Read our CompTIA PenTest+ exam article for more information.
How hard is the PenTest+ exam?
Like most certification exams, the degree of difficulty for PenTest+ test-takers will vary from person to person. The updated exam tests on today’s pentesting tools and techniques. It is considered an intermediate professional certification, and the passing score is 750/900.
CompTIA recommends PenTest+ certification candidates first earn the CompTIA Security+ certification and have 3-4 years of work experience.
How do you take the PenTest+ exam?
You can take the PenTest+ exam at a Pearson VUE testing center or OnVUE, the online proctoring service for Pearson VUE.
To register for either an in-person or online exam, you’ll need to go to the CompTIA website, create an account and purchase an exam voucher. You can schedule your exam, and all exam details will be shared with you via that account. If you’re taking the in-person test, you will need to bring two forms of identification.
More information can be found on the Pearson VUE CompTIA page.
How much does the PenTest+ exam cost?
The CompTIA PenTest+ certification costs vary based on location. Prices are outlined below:
- U.S.: $381
- Emerging market currency: 213
- Great Britain currency: GBP 226
- EURO currency: EURO 344
- Japan currency: JPY 43,469
- Australia currency: AUD 515
- South Africa currency: ZAR 2,928
The most up-to-date pricing for CompTIA exams can be found on the CompTIA website.
How to pass the PenTest+ exam?
To pass the PenTest+ exam, you must earn 750 points out of 900 points. The exam has 85 questions.
CompTIA recommends PenTest+ certification candidates earn the CompTIA Security+ certification first and have at least 3-4 years of work experience.
Pass rates vary depending on an individual’s experience, study habits and test-taking strategies. You might try Infosec’s Ethical Hacking Dual Certification (CEH PenTest+) Boot Camp. It comes with an Exam Pass Guarantee.
For more advice on passing the exam, check out our Best PenTest+ certification study resources and training materials article.
How long does the PenTest+ certification last?
To keep your PenTest+ certification up to date, you must renew it every three years. Several activities and training programs that offer continuing education units can help you renew (see next FAQ question).
For additional information, check out our PenTest+ renewal article.
How do I earn CPEs and renew my PenTest+?
To renew your PenTest+ certification, you’ll have to earn continuing education units (CEUs). Over three years, you’ll need to earn a total of 60 and then upload them to your certification account. You can earn CEUs via a single activity or collect credits individually over time.
Single activity options for PenTest+ include:
- Earn the CompTIA’s Complete CertMaster CE
- Earn additional CompTIA certifications
- Earn Non-CompTIA IT industry certifications
- Pass the latest release of your CompTIA exam
Multiple activity renewal options for CySA+ include:
- Attend webinars and conferences
- Complete courses
- Create instructional materials
- Publish blogs, whitepapers or books
- Teach, mentor or gain work experience
For the full list of ways to renew your certification, see CompTIA’s website.
You will also need to pay a continuing education renewal fee. The fee comes out to $50 a year or $150 for the three-year cycle.
Free and self-study PenTest+ materials
Studying for the PenTest+ exam is the best way to prepare yourself to earn a passing grade. Luckily, there are tons of helpful PenTest+ resources. Before you start scouting out the best training resources, we recommend taking a look at the official PenTest+ exam outline since it will shed light on what topics you’ll need to study.
PenTest+ study guides and PenTest+ books
Several study guides and books are available to help you prepare for the PenTest+ exam. You can find them at your local library, book store, or online stores like Amazon. A few of the most popular are:
- The Official CompTIA PenTest+ PT0-002 Certification Study Guide
- CompTIA PenTest+ Study Guide: Exam PT0-002 2nd Edition by David Seidl and Mike Chapple (Sybex)
- CompTIA PenTest+ Certification All-in-One Exam Guide, Second Edition (Exam PT0-002) by Heather Linn and Raymond Nutting (McGraw Hill)
Infosec also has several free penetration testing videos on its YouTube channel.
PenTest+ practice exams and simulations
Practice exams are a great way to gauge your exam readiness, although it’s against CompTIA policy to disclose the actual exam questions being used. A few of the most popular PenTest+ practice question options are listed below:
- CompTIA CertMaster Practice for PenTest+ (PT0-002)
- CompTIA CertMaster Labs for PenTest+ (PT0-002)
- CompTIA PenTest+ Practice Tests & PBQs: Exam PT0-002 Kindle Edition by Nikolaos Gorgotsias
In addition to these options, many PenTest+ training courses and content include practice questions. For example, Infosec Skills PenTest+ training includes a customizable practice exam with more than 70 questions.

Other free PenTest+ training resources
There are a number of other free PenTest+ training materials being produced and shared by the community:
- Forums like TechExams and Reddit allow you to connect directly with others who are studying for or have already taken the PenTest+.
- YouTube is another great place to connect with cybersecurity practitioners and learn about the PenTest+ exam. Although most PenTest+ courses cost money, numerous free PenTest+ videos are available to watch, including our PenTest+ exam webcast with CompTIA’s Patrick Lane.
- Podcasts may not help you directly study for your PenTest+ exam, but those like the Cyber Work Podcast are a great way to learn about cybersecurity career options and your peers’ career journeys.
PenTest+ jobs and careers
There are more than 33,000 job openings for penetration and vulnerability testers, according to Cyberseek. The PenTest+ is a Department of Defense (DoD) approved certification that can help set you apart from other candidates in the field.
What does a PenTest+ holder do?
The PenTest+ certification demonstrates your skills in penetration testing and vulnerability assessment. According to CompTIA, these are some of the more popular job titles PenTest+ certified people hold:
- Penetration tester
- Security consultant
- Cloud penetration tester
- Web application penetration tester
- Cloud security specialist
- Network & security specialist
Want to learn more about your job options? Take a look at our PenTest+ certification job titles and career outlook article for more about common PenTest+ job positions, salary prospects and tips for resumes and interviews.
Is PenTest+ worth it?
If you’re thinking about getting the PenTest+, you may be asking yourself, “Is it worth it to get CompTIA PenTest+?” The answer to this question depends on your career goals.
The PenTest+ is one of three cybersecurity certifications CompTIA offers beyond the baseline Security+. For intermediate-level cyber professionals, it’s an important proof point for those seeking career advancement.
Most U.S. Department of Defense (DoD) organizations must be in compliance with directive 8140, which means that DoD information assurance and cybersecurity personnel must obtain one of a few pre-approved certifications. CompTIA PenTest+ is on this list.
What is the PenTest+ average salary?
CompTIA PenTest+ is designed for cybersecurity professionals with intermediate-level experience. This is reflected in the national average salary data for popular PenTest+ jobs. According to Glassdoor:
- Penetration tester: $102,405
- Security consultant: $99,000
- Cloud penetration tester: $103,000 (Cyberseek.org)
- Web application penetration tester: $94,832
- Network & security specialist: $91,795
Comparatively, Salary.com has a similar average salary for some of these positions although not all job titles directly convert. A wide range of positions is available with titles similar to security consultant and web application penetration tester.
Read our PenTest+ salary article for more information.
How many people have PenTest+?
CompTIA has issued more than 2.5 million certifications across all the certs they offer.
The PenTest+ certification is relatively new, with the first version released in 2018, so there are not many public numbers available yet. While the precise number of PenTest+ designation holders is not known, CompTIA is well respected by many hiring managers and security team members. In addition, the certification is approved by the Department of Defense (DoD), which is a strong signal toward continued growth in the marketplace.
Where can I find PenTest+ jobs?
PenTest+ is a requested certification in offensive-security-related job listings, and general job boards like Indeed, Monster, Glassdoor, LinkedIn and CareerBuilder all allow you to search by keywords like “CompTIA PenTest+” or relevant job titles for open roles.
There are also cybersecurity-specific job boards, such as ClearedJobs, infosec-jobs.com and others. Another great way to find PenTest+ job openings is by joining local and national cybersecurity groups — such as ISSA, or Women in Cybersecurity — joining local meetups or engaging in other cybersecurity forums and websites.
To prepare for your job interview, download our free ebook of cybersecurity interview tips: How to stand out, get hired and advance your career.
Paid CompTIA PenTest+ training and exam prep
When it comes to preparing for the PenTest+ exam, you can choose to train yourself with books and free resources, or you can find a paid course. Most PenTest+ courses fall into two categories: live online PenTest+ boot camps or on-demand PenTest+ courses where you go at your own pace.
Live PenTest+ boot camps
A PenTest+ boot camp provides days of in-depth instruction from an expert instructor. For example, Infosec partners with CompTIA to provide a five-day Ethical Hacking Boot Camp that you can take live online or in person. There are a number of other training providers that offer similar options.
The benefits of a live PenTest+ boot camp include:
- Live training and Q&A: Penetration testing can be fun, but also challenging. You can learn many tips and tricks from an expert instructor with decades of experience.
- Complete training package: Most PenTest+ boot camps come with everything you need: instruction, exam vouchers, books, practice exams and labs. Training with a live instructor is more expensive, so when shopping around, be sure you know what’s included in your purchase — and what you’ll have to pay extra for.
- Improved pass rates: Boot camp providers like Infosec stand by their training with an Exam Pass Guarantee. That means if you fail your exam on your first attempt, you’ll get a second attempt to pass — for free.
Self-paced PenTest+ training
If you’re not in a hurry to earn your PenTest+, the go-at-your-own-pace model can be a great (and more affordable) option. These types of courses usually consist of a number of pre-recorded videos, along with practice exams and labs or exercises you can do on your own to reinforce the material.
The benefits of on-demand PenTest+ training include:
- Train when you want: You’re in charge of your certification training prep, whether that’s bite-sized chunks on your lunch break or weekend-long cram sessions.
- Build an individual training plan: Don’t waste time learning what you already know. Since you’re not tied to a group, you can spend more time focused on the areas you need to learn most.
- Prepare at your own pace: With on-demand training, you can take your time preparing for your PenTest+. Just don’t go too slow! Studies show you can quickly forget the information you’re studying — unless you’re actively using it or reviewing it.
PenTest+ comparisons and alternatives
PenTest+ is a popular mid-level cybersecurity certification, but it’s not the only one. Depending on your career goals, you may wish to explore alternative options. Check out these articles to learn more:
- PenTest+ vs. CEH: Both certs prepare you for different aspects of the ethical hacking world. Find out how they differ.
- GPEN vs. PenTest: Learn which of these two popular pentesting certifications is right for you.
- 7 top security certifications you should have: What about more advanced certs like CISSP, CISA and CCSP?
- A security pro’s guide to CompTIA certifications: Learn more about CompTIA’s IT and security certs.
- Vendor-specific vs. vendor-neutral certifications: Confused about vendor-neutral vs. vendor-specific IT and cybersecurity certifications? We break them down in detail.
